package com.imddysc.dwz.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.headers()
		.frameOptions().disable();
		
		http.authorizeRequests()
		.antMatchers("/favicon.ico","/jslib/**", "/css/**", "/js/**", "/images/**", "/fonts/**", "/json/**").permitAll() 
		.antMatchers("/login.html", "/login", "/logout").permitAll()
		.antMatchers("/admin/**").hasRole("USER")
		//.antMatchers("/index.html").access("hasAnyRole('ADMIN','USER')")
		//.antMatchers("/login").permitAll()
		//.antMatchers("/**").authenticated();
		.antMatchers("/**").permitAll();
		
		http.formLogin()
		.loginPage("/login.html")
		.loginProcessingUrl("/login")
		.defaultSuccessUrl("/admin/index.html")
		//.permitAll()
		.and()
		.logout()
		.logoutUrl("/logout")
		.logoutSuccessUrl("/login.html")
		.invalidateHttpSession(true)
		.and()
		.cors().disable()
		.csrf().disable();

		
	}
	
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
		        .withUser("admin").password("admin").roles("ADMIN")
		        .and()
                .withUser("dxw").password("123456").roles("USER")
                .and()
                .withUser("daixiongwei").password("123456").roles("USER")
                .and()
                .withUser("代雄伟").password("123456").roles("USER");
    }

    @Bean
    PasswordEncoder passwordEncoder(){
        return NoOpPasswordEncoder.getInstance();
    	//return new BCryptPasswordEncoder();
    }
    
}
